Privacy laws do not exempt businesses from protecting customers' privacy just because they are small. As a small business, you are just as responsible for any breaches or mishandling of data as a billion dollar multinational corporation would be.
First, they are legally required.
Secondly, they protect you from liability.
Personally identifiable information is the universal description of any information that can be used to identify, contact or locate an individual. It includes but isn't limited to the following:
Enter your email address where you'd like your policy sent, select translation versions and click "Generate."
Small businesses have the most to lose from poor data practices. You can handle data in a way consistent with local laws and your internal policies, but if a customer interprets that as mishandling, you may face liability or at least an expensive and time-consuming legal battle to fight the claim.
These basic provisions help you remain in compliance with current privacy laws. In addition to crafting a good agreement, you also have to make it available to your customers and assure they accept the terms.
Almost all Privacy Policies start with a description of the data collected. You can make this a list, like telling customers you will collect names, addresses, email address, and payment information, or you may offer general categories.
It is better to be overly specific in this section rather than vague. If you only collect the personal data you require and nothing extra, it should be easy to draft.
Workable is a recruiting software resource firm that offers general templates, including those for data collection. In this template, it offers this broader statement describing information you may gather from customers that you may want to customize for your business:
Notice the use of plain language. When it comes to explaining to customers what type of data you require and request, keeping things simple is the best course of action.
The provisions regarding how you collect information may be included with the type of information or in its own section. ABC Financial takes the first approach and informs customers that they will be aware of information collection because they are the ones submitting it.
When you draft this section, include all data collection efforts in place including online tracking software. Failure to inform customers of that is a violation of privacy laws in some jurisdictions, especially in the European Union.
Cover all of these issues in your section on sharing and disclosure, including when a customer consents. This is how ABC Financial handles disclosure:
If you have affiliate companies that may use the information you collect, specifically mention the affiliates or third parties.
The important part is that you allow the access and correction--not how you do it. Providing a telephone number works but so does online account access or electronic forms. Do what is easiest for you to receive corrections of data and enact them.
Telling consumers how you protect data is required in laws like the UK's Data Protection Act. It is also reassurance and forms an agreement between you and your users that data stays safe.
The Workable template defines general duties and its commitment to them:
If you have a specific way to assure data security, like SSL encryption, mention it specifically. This is what ABC Financial does:
Many countries have laws restricting unsolicited email or spam. You are required to give customers the chance to opt out of these communications and failure to do so could result in civil liability and fines.
It is also simply a nice thing to do. If a customer made one purchase and no longer wants promotions from you, offering a procedure to make this request helps your goodwill. While you may consider the promotions a money-making effort, being respectful towards customers also helps you gain in your market.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.
22 December 2020